System Center Roadshow – May 2012

Consumerization of IT and how it affects User Centric Management.

This May, Bennett Adelson went out on a multi city roadshow across the Microsoft Heartland District (of which we are the 2011 Partner of the Year) speaking about how the trends in consumerization forces the need for IT to shift from managing assets (hardware and software) to managing users and empowering them to make decisions. This shift is from asset-centric management to user-centric management (UCM).

Jason Condo opened the roadshow with a presentation on IT trends with some eye-opening results from recent surveys conducted by industry leaders. This showed how the trending of user savvy in devices, technology and solutions is inevitable and will only grow in the years to come. Using the User Experience Equation, he showed the five areas that IT always must think about when managing assets, users, or data.

Keith Mayer, IT Evangelist from Microsoft, spoke on the benefits of the whole System Center 2012 suite of products and how they can be leveraged to provide UCM and manage the whole enterprise.

David Norling-Christensen provided the  first technical session demonstrating how the new application model in System Center Configuration Manager 2012 aids in driving the move towards UCM. Using the application model, the IT Administrator can make different installation types of a software available for the user and allow specific attributes of the users’ experience to dictate how the software is installed or used. He also demonstrated the new self-service model that empowers the user to get what they want or need while freeing up administrators to provide services instead of installing software.

Jason  provided the second technical session around Microsoft’s Virtual Desktop Infrastructure (VDI) implementation and how it can be leveraged for UCM. By leveraging VDI as a tool, IT can empower the user while freeing themselves of trying to manage unmanaged devices. Using System Center Virtual Machine Manager 2012, Jason showed how it can be leveraged to manage VDI implementations and how it can also manage and organizations hypervisors throughout the enterprise, whether they are VMware, Xen, or Hyper-V.

Lastly, David wrapped up our discussion on UCM by showing the previous technologies in action with MDOP’s User Environment Virtualization (UE-V) that allows users’ personalized application settings to be saved and migrated from machine to machine as they need it. David presented on how this works and how to implement it. He then demonstrated it leveraging the System Center Configuration Manager 2012 applications used in his first session along with Personal and Pooled virtual machines from Jason’s session. This was an excellent demo showing a seamless user experience across physical workstations, virtual machines and even Remote Desktop Services (RDS, formerly Terminal Services).

This was a great roadshow and the System Center team is looking forward to the next ones. Please find the PowerPoint decks used in the roadshow available for download from this post.

System Center Roadshow, May 2012 – Introduction – Keith Mayer, Microsoft

System Center Roadshow, May 2012 – 1 – Consumerization of IT and UCM – Jason Condo, BA

System Center Roadshow, May 2012 – 2 – ConfigMgr 2012 UCM – David Norling-Christensen, BA

System Center Roadshow, May 2012 – 3 – VDI and UCM – Jason Condo, BA

System Center Roadshow, May 2012 – 4 – UE-V UCM – David Norling-Christensen, BA

FIM 2010 with Exchange 2010 Configuration for provisioning

FIM 2010 with Exchange 2010 Configuration for provisioning

FIM 2010 can help provision users account while creating Exchange 2010 mail account. With this process below, we will see how FIM 2010 can create Exchange mailboxes when accounts are created in FIM 2010.

FIM Synchronization Service Manager:

In FIM 2010 Synchronization Service make sure to enable Exchange 2010 Rule Extension:

Select Tools > Options

Check the Enable metaverse rules extension

Select Browse and select Exch2010Extenstion.dll (See Below):

Then in the FIM AD MA make sure to configure the extension:

Select the Configure Extension

Select the drop down Provision for: and select Exchange 2010.

In the Exchange 2010 RPS URI put in : http://<the cas server name>/Powershell. Make sure the powershell web site is enabled for this extension to work.

Exchange 2010 Configuration:

After we have this configured, we need to make sure that an account can create mailboxes in Exchange. In exchange make sure the domain FIM sync account as the proper administrative rights to create mailboxes. Test the account by updating an account and providing them a mailbox. If the FIM sync account can’t create or update a mailbox then the permissions are incorrect.

FIM 2010 Service and Portal:

In the FIM Portal, the synchronization rule outbound will need to be configured for creating the mailbox in Exchange. We do this by updating the MS Exchange attributes in AD. Below is how we configure this rule.

Navigate to the FIM Portal

Select Administration > Synchronization Rules.

Select the outbound rule that has been created for users. If this is not created you must create an outbound rule for AD users.

On the AD Synchronization rule select the Outbound Attribute flow.

Create the five outbound attribute flows below with Initial Flow Only:

1. /o=/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=-> MSEXCHANGEHOMEServerName

2. CN=Default Role Assignment Policy,CN=Policies,CN=RBAC,CN=DomainName,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=DomainName,DC=Com->  MSExchangeRBACPolicyLink

3. CN=<servername of home MDB>,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=DomainName,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=DomainName,DC=Com ->HomeMDB

If you have multiple databases for HomeMDB you can create a random number to be created for each database. Lets say there are 8, in the attribute flow add the function for the HomeMDB: CN=RandomNum(1,8)

4.  .domainname-> userprincipalName
Example: tester.testdomain.org

5. true -> MDBUseDefaults

Additional attributes that need created for a user are the useraccountcontrol and UnicodePswd. These are needed to create an account in AD. If these attributes are not set please do them so you can get the account created in AD.

Final steps:

1. Create an account in the FIM 2010 Portal

2. Synchronize the FIM MA

3. Export the FIM AD MA

4. Check the attributes in AD

5. Logon with the new account in Outlook or Outlook Web.

Overview:

As you can see it is not difficult to configure FIM 2010 to create mail accounts in Exchange 2010. The process below can reduce administration in AD and Exchange by allowing FIM to control the account creation for AD and Exchange mail account.

Thanks,
Active Directory and Identity and Access Management Principal Engineer
Nathan Mertz | Bennett Adelson | Columbus

System Center Roadshow

 

System Center 2012 – Embracing User Centric Management

User Centric Management (UCM) is the delivery of necessary resources for corporate end-users anywhere, on any device, in a safe and compliant manner.  Bennett Adelson will explore how System Center 2012 and UCM is creating a paradigm shift in how enterprises go from supporting devices to supporting their end-users.

Come learn how you can leverage UCM to support your users’ business needs and personal expectations with System Center 2012.

 

TENTATIVE AGENDA

Recognizing IT Trends – User Centric Management (UCM)

Part 1:  System Center Configuration Manager 2012 and UCM

By: David Norling-Christensen

    • Technical Overview
    • The new application model
    • Self-Service Portal

Part 2:  System Center Virtual Machine Manager 2012 and UCM

By: Jason Condo

    • Technical Overview
    • VDI and RDS
    • Personal and Pooled VMs

Part 3:  User Experience Virtualization (UE-V)

By: David Norling-Christensen

    • Technical Overview

Closing/Raffle

REGISTRATION DETAILS

Columbus (May 21st)

Time: 8:30am – 12:00pm
8800 Lyra Dr. Suite 400
Columbus Ohio, 42340

Cleveland (May 23rd)

Time: 8:30am – 12:00pm
6050 Oak Tree Blvd, Suite 300
Independence Ohio, 44131

Detroit (May 24th)

Time: 8:30am – 12:00pm
1000 Town Center, Suite 1930
Southfield Michigan, 48075